By reading the code, I found that the patch for the fault injection part is located in SanitizerCoverage.cpp under LLVM. After applying the patch, LLVM is compiled. Then, when executing the command python3 /path/to/PrIntFuzz/scripts/python/setup.py --build_linux_fault, it calls clang.sh to compile the Linux kernel. However, I did not see the enabling parameter for -fsanitize-coverage in clang.sh. Even when I manually add the enable flag, some modules in the entire Linux build do not apply this parameter. I would like to know how you use this feature?
By reading the code, I found that the patch for the fault injection part is located in
SanitizerCoverage.cppunder LLVM. After applying the patch, LLVM is compiled. Then, when executing the commandpython3 /path/to/PrIntFuzz/scripts/python/setup.py --build_linux_fault, it callsclang.shto compile the Linux kernel. However, I did not see the enabling parameter for-fsanitize-coveragein clang.sh. Even when I manually add the enable flag, some modules in the entire Linux build do not apply this parameter. I would like to know how you use this feature?